How Workday Bridges the Gap between Amazon and OpenStack

It was Wednesday, Nov. 30, 2016. At the AWS re:Invent conference in Las Vegas, Aneel Bhusri, the CEO and co-founder of enterprise resource planning service provider Workday, took the stage. Praising Amazon for its variety of cloud-based solutions, Bhusri presented the theme he said guided his technology vision since founding his company in 2005.
“We embrace this concept of ‘The Power of One,’” the CEO said, “where every customer is on exactly the same version, one line of code, one security model, one user model, one user interface.” He explicitly called out his competitors, SAP and Oracle, calling them “Frankensource” organizations that conglomerate their multifarious open and proprietary technologies into an amalgam, whose contiguousness and continuity they spend far too much of their time maintaining.
Bhusri’s message preceded the announcement that all of Workday’s applications would run on Amazon AWS, as part of a multi-year partnership, after Workday engineers had completed an extensive technical assessment of all the alternative configurations.
“Amazon Web Services is a scary beast,” wrote Aporeto founder Amir Sharif for The New Stack, just days after re:Invent closed that year. “It is a fast-moving, hungry hippo that devours everything in its sight. And it is Hotel California: You can check out anytime you like, but you will never leave.”
Voices Down the Corridor
“We do have a little bit of a secret,” admitted Edgar Magana, senior principal software development engineer at Workday. Magana’s key accomplishment there has been the OpenStack-based platform which hosts his company’s virtual infrastructure.
You read this right. The applications running on Workday’s 650-plus servers in co-location facilities in Portland, Oregon; Lithia Springs, Georgia; Ashburn, Virginia; Amsterdam, the Netherlands; and Dublin, Ireland, have been and will continue to be serviced on a very sophisticated infrastructure layer based on the open source OpenStack infrastructure management software.
Since his involvement with OpenStack began in mid-2012, Magana told us, he had been personally involved with the open source effort to endow OpenStack with full support for AWS’ Elastic Compute Cloud (EC2) API. At one time, 100 percent compatibility had been a goal. But the community came to a collective realization, he said, that “we were always chasing Amazon’s tail, and we were not able to create our own thing.”
“With regard to the public cloud — to Amazon, in this case, it’s an extension,” Magana told The New Stack. “I always like to clarify that we have a very good agreement with Amazon to extend our services to the public cloud. We want to gain more flexibility. We want to have presence in places where building a data center is going to be a big challenge. Why don’t we just use the public cloud? That’s the perfect scenario for those kinds of things.”
In a white paper for the OpenStack Foundation, co-authored with Intel and electronic health records provider AthenaHealth, Magana introduced the architecture with which his enterprise is hosting existing applications on virtual infrastructure, while simultaneously migrating new ones. It’s a system that utilizes Gerrit for code review, Jenkins for managing the deployment process, Chef for configuring workload instances on virtual machines, and OpenContrail for deploying and managing a hosted virtual network.
Getting the virtual machines on which Workday’s applications are hosted, moved to OpenStack, has already consumed a stretch of time. According to the white paper, the move has been “a staged process, involving a fair amount of operational complexity, tools, training, and ensuring endpoint connections. OpenStack helps to streamline their progress by automating the onboarding and validation process. Workday aims to have 40 percent of their applications under OpenStack by the end of 2017.”
The words “Amazon” and “AWS” do not appear anyplace in Magana’s white paper. That fact alone is extraordinary, for a company that last year was being touted as having effectively been won by Amazon (and which last February actually won Amazon as its own customer).
The Mission Bell
Today, Magana co-chair’s OpenStack’s User Committee, and previously served on OpenStack’s board of directors. So he may be Workday’s most fervent OpenStack advocate inside his company. He gives AWS its due credit, but he stops well short of the kind of brotherly embrace that Workday executives displayed last year.
“At the end of the day, what is Amazon, right?” said Magana. “It is a public cloud with a very strong API that gives you the ability to build whatever you want to build on the top of that. So what we have done on the OpenStack side [is], we built something on top of OpenStack to enable an application to smoothly transition from a development environment to the production system.”
Magana described for us an environment where hundreds of Workday developers build their applications using the methodologies we would normally associate with “cloud-native,” just without the public cloud part. They start on an OpenStack cloud, in Workday’s own data centers. An intermediate support layer, connected with Workday’s CI/CD pipelines, makes it possible for code developed internally on systems that don’t resemble Amazon’s in the least, to be smoothly migrated into a production environment that may — or may not — involve AWS territory.
“That’s our little secret. We build some kind of middleware,” he said, “for our services to actually call that API, and deploy their services and code in virtual machines in OpenStack. And they don’t even know about it — they never talk to an OpenStack API, ever. They only know they have this API to say, ‘Here is my TAR file with my source code, or my RPM, or whatever kind of artifact.’ And we have a CI/CD system that actually grabs that artifact, wraps it up in a virtual machine, puts all the things we need around it — logging, monitoring, testing, security, and probably the most important thing, the signature certificates to publish that image into our data centers.
“[It] gets replicated across all the data centers, so we have exactly the same version everywhere,” the Workday engineer continued. “And whenever we’re ready to actually deploy it, we just say, ‘Hey, system, create me a thousand instances of this service.’ You’ve got it. People don’t know it’s OpenStack.”
Prisoners of Our Own Device
Could Workday’s middleware layer be useful beyond the company itself? Could it become a necessary and valuable open source component for any OpenStack deployment that involves a CI/CD pipeline, and compatibility with EC2?
“It wouldn’t make a lot of sense to do that,” responded Workday’s Edgar Magana. “We’re not doing anything that is magic. What we’re doing is, having a base image, putting our code there, and shipping it everywhere. That’s it.
“What we’ve done to make it so easy and automated,” he continued, “requires a lot of things that are very specific to the Workday environment. So it wouldn’t make sense for other people. But sharing the idea out there, we already do that, right? The white paper mentioned it, and other communications we have done have already mentioned it. Whenever we can share tools, we try to do it. But in general, just exposing this internal middleware code wouldn’t be useful for anyone at all, in my opinion.”
Every enterprise, he explained, will have its own technological challenges and use cases, so whatever middleware its engineers create must take those unique elements into account. The complexity involved with tackling this challenge will take its own, perhaps freakishly unique, shape along the way.
“What I will strongly recommend is to build something,” Magana advised. “I keep calling it ‘middleware,’ but something that abstracts the back-end platform, your pipeline system, from the way to deliver your application artifact to production. I strongly recommend that.”
It is nothing like Aporeto’s CEO described it: succumbing to the relentless will of a monopolistic beast with its sights set on world domination. If anything, Workday’s strategy is a do-it-yourself program for making global public cloud deployment viable for an organization that is not, and may not ever be, rooted there to begin with.
Workday will be speaking more about this deployment at the OpenStack Summit, Sydney, Nov. 6-8.
Aporeto and The OpenStack Foundation is a sponsor of The New Stack.
Feature image by Simon Matzinger via Unsplash.